Skip to main content
The Panaseer logo shows a white square and a yellow square around the initial P. To the right of the P there is the copy written ‘anaseer’.
Show main menu Hide main menu

Panaseer Selected as a CIS Development Partner

November 9, 2021, London and New York: Panaseer, an enterprise security company, today announces that it has partnered with the Center for Internet Security, Inc. (CIS®) to further the development of its Control Assessment Specification. 

The newly developed ‘version two’ of the Controls Assessment Specification, will provide guidance on the metrics a company should use to assess how well they are complying with 'version eight’ of the CIS critical security controls. 

CIS is a community-driven non-profit organization that leads a global community of IT professionals to continuously evolve standards and provide products and services to proactively safeguard against emerging security threats. It has years of experience in advising organizations on which controls to prioritize and how to implement them. In 2019 CIS took its first steps into recommending what metrics organizations should measure to assess their compliance with CIS controls, releasing ‘version one’ of the Controls Assessment Specification.  

Developing the de facto automation platform for security measurement has been a strategic priority for Panaseer since its inception in 2014. It pioneered the category of Continuous Controls Monitoring (CCM), which provides enterprises with a trusted, unified view of assets and controls across business lines, regions, and technology platforms. 

By enabling organizations to measure the performance of their assets and controls in an automated, data-driven way, it paved the way for them to more easily assess themselves against the CIS controls framework, and in particular to leverage the measurement guidance provided via Controls Assessment Specification.  This new development partnership combines CIS’ authoritative voice on control best practices and Panaseer’s expertise in security measurement. 

Panaseer is reflecting the Controls Assessment Specification ‘version two’ within its CCM platform. Moving forward, the organizations will work together to develop future versions of the Controls Assessment Specification that are tailored to automated measurement Example metrics and specifications from the Controls Assessment Specification ‘version two’ as translated into Panaseer’s CCM platform, include: 

  • The percentage of devices from the inventory that are missing from the company’s configuration management database (CMDB). 
  • The percentage of devices from the inventory that haven’t been scanned by a patch manager in the last 30 days, but are in scope to be scanned. 
  • The percentage of employees that have received security awareness training in the last 12 months. 

Leila Powell, Lead Data Scientist, Panaseer‘We are thrilled to be selected as a development partner for CIS. Helping create measurement guidance, applicable to CCM, is a hugely important step in driving the adoption of an automated, data-driven approach to measurement. Both Panaseer and CIS recognize that CCM is the future of good control posture – to continually ensure against controls drift, improve accuracy, trust and repeatability of measurement and reduce the current reporting burden on security teams.’ 

Phyllis Lee, Senior Director, CIS Critical Security Controls: ‘The author of a framework should be the authoritative source on how you measure success in that framework. You need to be continuously monitoring controls to make sure that your security metrics are within your set threshold and that you're doing what you need to do to stay compliant. We look forward to further developing the Controls Assessment Specification for automated measurement in collaboration with Panaseer to meet this need.’